Managing spoofed calls to mobile devices

ABSTRACT

Methods and apparatuses for managing spoofed calls to a mobile device are described, in which the mobile device receives a call transmitted over a cellular or mobile network. The call may include a set of information associated with the network, such as a geological location of a device that generated the call, a hardware device identifier corresponding to the device, an internet protocol (IP) address associated with the device, or a combination thereof. The mobile device may determine whether the call is spoofed or genuine based on the set of information. Subsequently, the mobile device may assist a user of the mobile device to manage the call, such as blocking the call from reaching the user, informing the user that the call is spoofed, facilitating the user to report the call as spoofed to an authority and/or a service provider of the network.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. patent application Ser. No. 16/880,783, filed May 21, 2020, now U.S. Pat. No. 11,330,101, which is incorporated herein by reference in its entirety.

TECHNICAL FIELD

The present disclosure generally relates to mobile devices, and more particularly relates to managing spoofed calls to mobile devices.

BACKGROUND

Mobile devices (e.g., cellular phones) are widely deployed to connect users across geographic locations around the world. This connectivity, however, may permit third parties who do not have legitimate reasons to call the users (e.g., unwanted sales or promotion calls) and/or have nefarious intent to defraud the users (e.g., by tricking or falsely inducing the users to believe an urgent situation requires their immediate attention). In some cases, such third parties may emulate or otherwise fabricate various information (e.g., nicknames, phone numbers of the users' contact lists) to appear on the users' mobile device to make the users answer their calls. It would be beneficial for the users if the mobile devices can identify such calls to protect the users and/or to help the users in managing such calls.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 schematically illustrates a communication system that supports managing spoofed calls to mobile devices in accordance with embodiments of the present technology.

FIG. 2 illustrates example screens of a mobile device that supports managing spoofed calls in accordance with embodiments of the present technology.

FIG. 3 is a block diagram of a mobile device that supports managing spoofed calls in accordance with embodiments of the present technology.

FIGS. 4 and 5 are flowcharts illustrating methods of managing spoofed calls to mobile devices in accordance with embodiments of the present technology.

DETAILED DESCRIPTION

Mobile devices (e.g., cellular phones) provide convenient means to connect users in various business and/or personal settings. The convenience of the mobile devices, however, may be mitigated by unwanted calls from third parties—e.g., to sell or promote their products, to defraud the users by presenting fake situations or by disguising themselves as legitimate entities (e.g., a mortgage bank, a credit card company) or government agencies or authorities (e.g., a federal student loan agency, the Internal Revenue Service (IRS), the U.S. Department of Homeland Security). Such acts of concealing a true identity of a caller by disguising a phone call (or other forms of communication, such as an email or a text message) as a call from a trusted source may be referred to as spoofing.

In some cases, spoofed calls may be configured to display legitimate or authentic identifications (e.g., a mortgage bank, the IRS) as sources of the calls on the users' mobile devices to induce the users to answer the calls. In some cases, spoofed calls may use fake phone numbers (which may be referred to as spoofed phone numbers) as sources of the calls by mimicking trusted phone numbers (e.g., phone numbers of valid contact information stored in a mobile device), in which the fake phone numbers are generated by altering a few digits of the trusted phone numbers such that the fake phone numbers may appear only slightly different than the original phone numbers. Some users may be tricked by the similar appearances displayed on their mobile devices and answer the spoofed calls. In some cases, spoofed calls may be configured to display valid nicknames of the user's contact list to lower the user's alertness and trick the user to answer the spoofed calls.

Several embodiments of the present technology facilitate mobile devices to identify incoming spoofed calls based on various information associated with the spoofed calls such that the mobile devices can assist the users to manage the spoofed calls—e.g., blocking the spoofed calls from reaching the users, providing various notifications to assist the users in determining whether to answer potentially spoofed calls, prompting the users to report the spoofed calls to government authorities (or regulatory agencies) and/or service providers of the mobile devices. In some embodiments, a mobile device may receive a call transmitted over a wireless network (which may be referred to as a mobile network or a cellular network), where the call includes a set of information associated with the cellular or the mobile network, over which the call is transmitted. For example, the set of information may include a geographic location of a device that generated the call (a source device), which may be determined by a global positioning system (GPS), a hardware device identifier corresponding to the source device, an internet protocol (IP) address associated with the source device, or the like. Subsequently, the mobile device may determine whether the call is spoofed or genuine based on the set of information associated with the cellular or mobile network.

In some cases, the hardware device identifier may include an international mobile equipment identity (IMEI), an integrated circuit card identification (ICCID), a mobile equipment identifier (MEID), an international mobile subscriber identity (IMSI), or the like. For example, the mobile device may determine the IMEI of a source device of an incoming call matches with IMEIs of source devices associated with past spoofed calls that the mobile device has accumulated if the set of information includes IMEI. In this manner, if the set of information includes various forms of hardware device identifiers (e.g., IMEI, ICCID, MEID, IMSI), the mobile device may determine whether an incoming call is spoofed or genuine based on the set of information associated with the cellular or mobile network, over which the incoming call is transmitted.

For example, the mobile device may determine that the location of the source device is within a distance from one or more locations associated with spoofed calls that the mobile device has received prior to the call (i.e., the past spoofed calls). The distance (e.g., less than five (5) meters with 75% confidence level, less than ten (10) meters with 90% confidence level, etc.) may be devised to conclude that the location corresponds to the one or more locations associated with the past spoofed calls (e.g., within a range of error or error range) such that the mobile device can determine whether the call is spoofed or genuine. In other examples, the mobile device may determine that the hardware device identifier of the source device (e.g., IMEI, ICCID, MEID, IMSI) corresponds to one of the hardware device identifiers associated with the past spoofed calls.

In yet another example, the mobile device may determine that the IP address of the source device includes a common segment with one or more IP addresses associated with the past spoofed calls. The common segment may be devised to conclude that the IP address of the source device corresponds to one of the IP addresses associated with the past spoofed calls (e.g., with a range of error or error range)—e.g., fifty (50) or higher percentage of digits included in the IP address of the source device matches with one of the IP addresses associated with the past spoofed calls, where the digits of the IP address may be binary, decimal, or hexadecimal. In some cases, the mobile device may vary the common segment to use (e.g., dynamically determine) based on past history of mobile networks the mobile device has accumulated—e.g., some mobile networks may be more prone to generate spoofed calls than other mobile networks. In some cases, multiple phone numbers may be assigned (or otherwise generated) based on a single IP address. As such, the mobile device may be configured to efficiently block (or manage) multiple spoofed calls having different phone numbers based on their IP addresses.

Similarly, the mobile device may determine that a media access control address (MAC address) associated with the source device includes a commonality with one or more MAC addresses associated with the past spoofed calls. Typically, a MAC address may include forty-eight (48) binary bits (or six (6) groups of two hexadecimal digits). The commonality may be devised for the mobile device to determine that the MAC address of the source device corresponds to one of the MAC addresses associated with the past spoofed calls (e.g., with a range of error or error range)—e.g., fifty (50) or higher percentage of binary digits (or hexadecimal digits) included in the MAC address of the source device matches with one of the MAC addresses associated with the past spoofed calls. In some cases, the mobile device may vary the commonality to use (e.g., dynamically determine) based on past history of mobile networks the mobile device has accumulated—e.g., some mobile networks may be more prone to generate spoofed calls than other mobile networks.

Further, the mobile device may provide, based on the determination, a user of the mobile device with one or more options to manage the call. For example, when the mobile device determines that the call is genuine (which may turn out to be a wrong determination based on an error range employed to make such determination), the mobile device may display a first option to prompt the user to answer the call, along with a phone number associated with the call in some cases. Further, the mobile device may add the phone number to a list of recent phone numbers received by the mobile device upon the user answering the call. Additionally or alternatively, when the mobile device determines that the call is spoofed (which may also turn out to be a wrong determination based on an error range employed to make such determination), the mobile device may display a second option to prompt the user to report the call (e.g., the phone number, the set of information associated with the network) to an authority (e.g., the Federal Communications Commission), a service provider of the cellular network (or the wireless network), or both. Further, upon the user selecting to report the call, the mobile device may add the phone number to a list of spoofed phone numbers stored in the mobile device. Similarly, the mobile device may store the set of information associated with the network in a memory of the mobile device, which is configured to store multiple sets of information associated with the network, over which the spoofed calls are transmitted.

In some embodiments, the mobile device may include a neural network component (and/or an artificial intelligence component) capable of training itself based on the user's past responses to potentially spoofed calls, which can be accumulated over time. In this manner, the range of error associated with determining that a call is spoofed (or genuine) may be improved (e.g., reduced). In some cases, the mobile device may, in conjunction with the neural network component (and/or the artificial intelligence component), estimate a confidence metric while determining that the call is spoofed—e.g., based on the set of information associated with the network, over which the call is transmitted. When the confidence metric associated with the determination is less than a threshold, the mobile device may display a notification on its screen informing the user that the call may be genuine (or spoofed). Subsequently, the mobile device may wait for the user to respond—e.g., answering the call, ignoring the call, reporting the phone number to an authority, etc. As such, the mobile device may be regarded as operating in a supervised mode. On the contrary, when the confidence metric is greater than the threshold, the mobile device may spontaneously block the call (and inform the user of such determination and of the blocking of the call) or display another notification informing the user that the call is spoofed. As such, the mobile device may be regarded as operating in an unsupervised mode.

A wireless communication system that supports managing spoofed calls to mobile devices in accordance with embodiments of the present technology is shown in FIG. 1. Example screens of a mobile device in accordance with embodiments of the present technology are described with reference to FIG. 2. Detailed descriptions of the mobile device that supports managing spoofed calls are provided with reference to FIG. 3. Flowcharts illustrating methods of managing spoofed calls to mobile devices in accordance with embodiments of the present technology are described with reference to FIGS. 4 and 5.

FIG. 1 schematically illustrates a communication network diagram 100 that supports managing spoofed calls in accordance with embodiments of the present technology. The diagram 100 includes a mobile device 110 (which may be referred to as a user equipment, such as a cellular phone, a handheld device, a personal electronic device, etc.), a wireless communication link 115, an intermediary communication system 120, a communication channel 125, and a source device 130. The wireless communication link 115 couples the mobile device 110 with the intermediary communication system 120, facilitating downlink (DL) transmissions (from the intermediary communication system 120 to the mobile device 110) and uplink (UL) transmissions (from the mobile device 110 to the intermediary communication system 120). In some embodiments, the mobile device 110, the wireless communication link 115, and the intermediary communication system 120 may be collectively referred to as a cellular network, a wireless network, or a mobile network. For example, the intermediary communication system 120 may include a base station coupled with a core network, which supports the cellular network. In other examples, the intermediary communication system 120 may include a wireless access point that couples one or more Wi-Fi devices (including the mobile device 110) with a wired network—e.g., a voice over internet protocol (IP) telephone system.

The source device 130 may be coupled with the intermediary communication system 120 via the communication channel 125 that may be wireless or wired. For example, the source device 130 may be another mobile device (e.g., the user equipment) coupled with the intermediary communication system 120 via the communication channel 125 (e.g., a wireless communication link). In other examples, the source device 130 may be an electronic equipment (e.g., a phone, a computer configured to make numerous calls within a short period of time) connected to the intermediary communication system 120 via the communication channel 125 (e.g., a landline, a cable, or a combination of wired and wireless connection including a Wi-Fi access point). In some embodiments, the intermediary communication system 120 may collect various information regarding the source device 130, such as a geographical location of the source device 130, an IP address (or MAC address) of the source device 130, a hardware device identifier of the source device 130 (e.g., IMEI, ICCID, MEID, IMSI), or the like. In some cases, the geographical location may be determined by a global positioning system (GPS). Further, the intermediary communication system 120 may include such information regarding the source device 130 in a DL transmission to the mobile device 110 over the wireless communication link 115—e.g., a phone call to the mobile device 110.

As such, the mobile device 110 may receive a call transmitted over the wireless communication link 115, which includes a set of information associated with the cellular or mobile network, which includes information regarding the source device 130—i.e., the set of information associated with the network may include various information regarding the source device 130. The mobile device 110 may determine whether the call is spoofed or genuine based, at least in part, on the set of information included in the call (or the set of information received along with the call or otherwise associated with the call). For example, the mobile device 110 may include a memory that stores a list of phone numbers associated with spoofed calls that the mobile device 110 has received (e.g., past spoofed calls). Further, the memory may be configured to store multiple sets of information included in the past spoofed calls (e.g., geographic locations of the source devices associated with the past spoofed calls, hardware device identifiers of the source devices that generated the past spoofed calls, IP addresses of the source devices that generated the past spoofed calls). In some embodiments, the mobile device 110 may compare the hardware device identifier of the source device 130 with the list of the hardware device identifiers of the source devices that generated the past spoofed calls. Subsequently, the mobile device 110 may determine that one of the hardware device identifiers stored in the memory matches with the hardware device identifier of the call—i.e., the call is spoofed even though the call may be displaying a legitimate phone number (e.g., one of the phone numbers in the user's contact list).

In some embodiments, the mobile device 110 may compare the geographic location of the source device 130 with the geographic locations of the source devices associated with the past spoofed calls. Subsequently, the mobile device 110 may determine that one of the geographic locations corresponds with the geographic location associated with the call (e.g., the geographic location is within a distance from the one or more geographic locations associated with the past spoofed calls)—i.e., the call is spoofed even though the call may be displaying a legitimate phone number (e.g., one of the phone numbers in the user's contact list). Such a distance may be devised to conclude that the geographic location corresponds to the one or more geographic locations within a certain error range. The error range may depend on various factors, such as accuracy of a global positioning system (GPS) that determines the geographic location of the source device 130 and/or the locations of other source devices that generated the past spoofed calls, uncertainties associated with determining a geographic location of the source device 130 that may be a mobile device, or the like.

In some embodiments, the mobile device 110 may compare the IP address of the source device 130 with the IP addresses of the source devices that generated the past spoofed calls. Subsequently, the mobile device 110 may determine that one of the IP addresses of the source devices corresponds to the IP address of the call—i.e., the call is spoofed even though the call may be displaying a legitimate phone number (e.g., one of the phone numbers in the user's contact list). In some cases, the mobile device 110 may determine that the IP address of the source device 130 shares a common segment with one of the IP addresses associated with the past spoofed calls. In some cases, the common segment may be devised to conclude that the IP address corresponds to the one or more IP addresses associated with the past spoofed calls—e.g., fifty (50) or higher percentage of digits are included in both the IP address and the one or more IP addresses associated with the past spoofed calls within a certain error range. The digits may be binary, decimal, or hexadecimal based on construction format of the IP addresses. The error range may depend on various factors, such as the percentage of digits used (e.g., 50%, 60%, 70%, or even higher), information contained in the IP addresses (e.g., a region, city, and/or town of the source devices), or the like.

In some embodiments, the mobile device 110 may include a neural network component that can learn (and/or infer) from the user's input (e.g., a user of the mobile device 110) in response to receiving potentially spoofed calls. Such a neural network component may be configured to train itself based on the user's past responses accumulated over time. When trained sufficiently, the mobile device 110 may spontaneously determine which calls to identify and/or block as spoofed calls, without the user's input as to how to manage the calls identified as spoofed. When the neural network component requires more training, the mobile device 110 may, in conjunction with the neural network component, assist the user to determine whether to answer the calls or not. In some cases, the neural network component may include an artificial intelligence engine or algorithm configured to perceive certain patterns (or anomalies) in the spoofed calls (and/or in the sets of information included in the spoofed calls) such that the mobile device 110 may, in conjunction with the neural network component, increase a confidence level in identifying and/or determining certain calls as spoofed—e.g., reducing a range of error associated with such identification and/or determination.

In some embodiments, the mobile device 110 may estimate a confidence metric, in conjunction with a neural network component included in the mobile device 110 in some cases, while determining that a call that the mobile device 110 received is spoofed (or genuine) based on a set of information included in the call. The mobile device 110 may inform the user that the call is a spoofed call (and block the call) when the confidence metric is greater than a threshold. In this regard, the mobile device 110 operates in an unsupervised mode in which the mobile device 110 spontaneously identifies the call as spoofed and blocks the call from reaching the user without the user's input (or response). In other cases, the mobile device 110 may determine that the estimated confidence metric is less than a threshold. In such cases, the mobile device 110 may display options for the user to select (e.g., answering the call, reporting the call as a spoofed call, ignoring the call), as well as a notification to the user informing that the call may be spoofed (or genuine). In this regard, the mobile device 110 operates in a supervised mode in which the mobile device 110 operates in accordance with a response (or input) from the user.
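The following sketch is an added illustration and is not part of the original disclosure: it compares a call's set of information against stored records of reported spoofed calls (hardware identifier, location radius, IP common segment, MAC commonality) and selects the supervised or unsupervised mode from a confidence metric. The class and function names, the per-signal weights, the noisy-OR combination standing in for the neural network component, the reading of "common segment" as shared leading binary digits, and the sample values are all assumptions.

```python
"""Added illustration (not from the disclosure): match a call against spoofed-call records."""
import ipaddress
import math
from dataclasses import dataclass
from typing import NamedTuple, Optional, Tuple

# Assumed parameters; the disclosure leaves concrete values to the implementation.
RADIUS_M = 10.0    # location match radius in meters
MIN_COMMON = 0.5   # "fifty (50) or higher percentage of digits"
THRESHOLD = 0.8    # confidence above this selects the unsupervised mode
W_HW, W_LOC, W_IP, W_MAC = 0.9, 0.6, 0.4, 0.4  # per-signal weights (assumed)

@dataclass(frozen=True)
class CallInfo:
    """Hypothetical container for the set of information included in a call."""
    phone_number: str
    hardware_id: Optional[str] = None               # IMEI, ICCID, MEID or IMSI
    location: Optional[Tuple[float, float]] = None  # (lat, lon) in degrees
    ip: Optional[str] = None
    mac: Optional[str] = None

class Decision(NamedTuple):
    mode: str          # "unsupervised" or "supervised"
    action: str        # "block" or "prompt"
    confidence: float

def distance_m(a, b):
    """Great-circle (haversine) distance in meters between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def ip_common_fraction(a, b):
    """Fraction of leading binary digits two IP addresses share (0.0 if unparsable)."""
    try:
        x, y = ipaddress.ip_address(a), ipaddress.ip_address(b)
    except ValueError:
        return 0.0
    if x.version != y.version:
        return 0.0
    bits = x.max_prefixlen
    return (bits - (int(x) ^ int(y)).bit_length()) / bits

def mac_common_fraction(a, b):
    """Fraction of the 12 hexadecimal digits that match position by position."""
    x, y = (s.replace(":", "").replace("-", "").lower() for s in (a, b))
    if len(x) != 12 or len(y) != 12:
        return 0.0
    return sum(p == q for p, q in zip(x, y)) / 12

def evidence(call, past):
    """Confidence that `call` and `past` share a source device (noisy-OR of signals)."""
    hits = []
    if call.hardware_id and call.hardware_id == past.hardware_id:
        hits.append(W_HW)
    if (call.location and past.location
            and distance_m(call.location, past.location) <= RADIUS_M):
        hits.append(W_LOC)
    if call.ip and past.ip and ip_common_fraction(call.ip, past.ip) >= MIN_COMMON:
        hits.append(W_IP)
    if call.mac and past.mac and mac_common_fraction(call.mac, past.mac) >= MIN_COMMON:
        hits.append(W_MAC)
    return 1.0 - math.prod(1.0 - w for w in hits)

class SpoofStore:
    """Memory of information sets from calls the user reported as spoofed."""
    def __init__(self):
        self.records = []
        self.spoofed_numbers = set()

    def report(self, call):
        # User selected "report": keep both the number and the network information.
        self.spoofed_numbers.add(call.phone_number)
        self.records.append(call)

    def classify(self, call):
        confidence = max((evidence(call, r) for r in self.records), default=0.0)
        if confidence > THRESHOLD:
            return Decision("unsupervised", "block", confidence)
        return Decision("supervised", "prompt", confidence)

def demo():
    """Run constructed sample calls (fictitious numbers, documentation IPs)."""
    store = SpoofStore()
    store.report(CallInfo("+1-555-0100", hardware_id="IMEI-SAMPLE-0001",
                          location=(40.0, -75.0), ip="203.0.113.45"))
    return [
        store.classify(CallInfo("+1-555-0101", hardware_id="IMEI-SAMPLE-0001")),
        store.classify(CallInfo("+1-555-0102", ip="203.0.113.200")),
        store.classify(CallInfo("+1-555-0103", ip="198.51.100.7")),
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Under this reading, a 50% common segment on an IPv4 address is a shared /16 prefix covering 65,536 addresses, so an IP match on its own is weighted low here and only leads to a prompt rather than a block.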

FIG. 2 illustrates example screens of a mobile device that supports managing spoofed calls in accordance with embodiments of the present technology. As described with reference to FIG. 1, the mobile device (e.g., the mobile device 110) may determine whether a call is spoofed or genuine based, at least in part, on a set of information included in the call. Further, the mobile device may display one or more options and/or notifications for a user of the mobile device to manage the call. In some embodiments, the options may include answering the call, dismissing (e.g., rejecting, ignoring, silencing, terminating without answering) the call, sending the information about the call (e.g., a set of cellular information associated with the call) to a third party (e.g., a government authority, a service provider of the cellular network). Various aspects of managing spoofed calls are described below with reference to example screens of a mobile device in accordance with embodiments of the present technology.

As depicted in a first screen 205, the mobile device 110 may display, on its screen, a phone number corresponding to the call, a first input region 220, and a second input region 225. The first input region 220 may be configured to accept the user's input to answer the call. The second input region 225 may be configured to accept the user's input to report the phone number and the set of information included in the call to an authority (e.g., the Federal Communications Commission (FCC), State Consumer Protection Offices), a service provider of the cellular network (or the wireless network) over which the call is transmitted, or both. When the user selects the second input region 225, the mobile device 110 transmits the phone number and/or the set of information to the authority and/or the service provider. Further, the mobile device 110 may add the phone number to a list of spoofed phone numbers stored therein, after transmitting the phone number and the set of information. Additionally or alternatively, the mobile device 110 may store the set of information in a memory of the mobile device 110 configured to store multiple sets of information associated with spoofed phone numbers (i.e., spoofed calls), after transmitting the phone number and the set of cellular information.

In some cases, the authority may determine to take certain corrective actions (e.g., assessing fines to individuals or entities that generated the spoofed calls) based on the list of spoofed phone numbers and/or the sets of information (e.g., GPS locations, hardware device identifiers, IP addresses) reported to be associated with (or included in) the spoofed calls. Also, the service provider may provide warnings to its subscribers based on the list of spoofed phone numbers and/or the sets of information included in the spoofed calls when potentially spoofed calls are transmitted to the subscribers—e.g., calls generated using the spoofed phone numbers, calls associated with the GPS locations, the hardware device identifiers, and/or the IP address (or the MAC address), those which have been reported by the users (subscribers) as associated with (or included in) the spoofed calls. In some cases, the service provider may block the suspicious calls (e.g., spoofed calls) from reaching the subscribers.

Further, the first screen 205 may include an additional option for the user (not depicted in the first screen 205). For example, the first screen 205 may include an option to ignore the call (or relay the call to a voice message application of the mobile device 110)—i.e., neither answer nor report the call. In this manner, the user can allow the caller to leave a voice message such that the user can determine later whether the call was genuine, irrelevant (e.g., a sales speech left in the voice message), or spoofed based on the contents of the voice message or lack thereof. Additionally, the first screen 205 may include additional notifications to the user (e.g., in a third region, not shown) informing that the call may be genuine (or spoofed), along with a confidence metric estimated in making such determination, in some cases—e.g., when the mobile device 110 operates in the supervised mode of operation.

In some embodiments, the mobile device 110 may monitor how the user categorized the call based on the voice message—e.g., the user determined the call as spoofed based on the voice message stating “this is regarding your student federal loan” when the user has no student loan. Upon the user determining the call as spoofed and responding to the call (e.g., reporting the call as spoofed to a government authority and/or a service provider), the mobile device 110 may update its list of the spoofed phone numbers to include a phone number of the call and/or store the set of information included in the call that the user deemed as spoofed in the memory of the mobile device 110. Subsequently, the mobile device 110 may block additional calls from the phone number and/or based on the set of information included in the call—e.g., blocking additional calls having different phone numbers, but including the same information (e.g., a geographic location, a hardware device identifier, an IP address, or a combination thereof) regarding the source device (e.g., the source device 130) that generated the calls.

In some embodiments, when the user selects the first input region of the first screen 205—i.e., the user decides to answer the call, the mobile device 110 may add the phone number (e.g., the phone number displayed on the first screen 205) to a list of recent phone numbers received by the mobile device 110. The user, however, may find that the call was either a spoofed call or an illegitimate call (e.g., a sales or promotion call). Thereafter, the user may want to report the call to an authority and/or the service provider. The mobile device 110 may display the phone number on the screen after the user terminates the call, where the phone number is accompanied by a prompt for the user to indicate that the call was spoofed. Once the user indicates the call as spoofed, the mobile device 110 may add the phone number to the list of spoofed phone numbers stored in the mobile device 110. Further, the mobile device 110 may store the set of information included in the call in a memory of the mobile device 110, which is configured to store multiple sets of information included in the spoofed calls.

Additionally or alternatively, as depicted in a second screen 210, the mobile device 110 may display the list of recent phone numbers including the phone number (that the user determined as spoofed) on the screen after the user terminates the call. The second screen 210 also depicts that individual phone numbers are associated with corresponding prompts (e.g., prompts 230a through 230c). Each prompt provides an option for the user to select to report the phone number and the set of information to the authority and/or the service provider.

A third screen 215 illustrates that the mobile device 110 may display a notification 240 on its screen to inform the user that the incoming call is a spoofed call. For example, the mobile device 110 can estimate a confidence metric while the mobile device 110 determines that the call is spoofed (or genuine) based on the set of information included in the call. Further, the mobile device 110 may determine that the confidence metric is greater than a threshold. In such cases, the mobile device 110 displays the notification 240 to inform the user that the incoming call is a spoofed call. Additionally or alternatively, the mobile device 110 may spontaneously block the incoming call from reaching the user. In some embodiments, the third screen 215 may include a phone number of the incoming call, as depicted in the first screen 205. In some cases, the third screen 215 illustrates the mobile device 110 operating under the unsupervised mode (e.g., the mobile device 110 operating without the user's input and/or responses), in conjunction with a neural network component that can be trained based on the user's past responses to potentially spoofed calls.

FIG. 3 is a block diagram 300 schematically illustrating a mobile device that supports managing spoofed calls in accordance with an embodiment of the present technology. The diagram 300 includes a mobile device 305, which may be an example of or include an aspect of the mobile device 110 described with reference to FIGS. 1 and 2. The mobile device 305 of the diagram 300 includes a wireless communication component 310 comprising a transmitting component 315 and a receiving component 320, an authenticating component 325, a memory 330, and a screen 335.

The receiving component 320 may be configured to receive a call transmitted over a cellular network (e.g., the cellular, wireless, or mobile network described with reference to FIG. 1, in which the mobile device 305 is coupled (e.g., linked) with the intermediary communication system 120 via the wireless communication link 115). The call may include a set of information associated with the cellular network—e.g., a geographic location, a hardware device identifier, and/or an IP address of a source device 130 that generated the call, or the like.

The authenticating component 325 may be configured to determine whether the call is spoofed or genuine based, at least in part, on the set of information included in the call. In some cases, the authenticating component 325 may compare the set of information with multiple sets of information included in the past spoofed calls, which the mobile device 305 has stored in the memory 330. Also, the mobile device 305 may store a list of spoofed phone numbers in the memory 330 and update the list (e.g., add to the list) when the mobile device 305 receives additional spoofed calls, which may be determined based on the user's input (e.g., when the user selects the second input region 225 to report the phone number as spoofed) or the mobile device 305's own determination (e.g., when the mobile device 305 operates under the unsupervised mode as described with reference to FIG. 2). In some embodiments, the authenticating component 325 may be configured to estimate a confidence metric while determining that the call is spoofed (or genuine) based on the set of information. In this regard, the mobile device 305 may include a neural network component 340 configured to improve the confidence interval based on inputs from the user accumulated over time.

Further, the mobile device 305 may display the spoofed phone numbers in the list to the user (e.g., on the screen 335) such that the user may examine the list to see if one or more phone numbers classified as spoofed are actually legitimate phone numbers that the user wants to receive calls therefrom. In some cases, the phone numbers that the user wants to reclassify (e.g., remove from the list of spoofed phone numbers) may include phone numbers of legitimate business entities associated with the user, e.g., the user's banks, particular stores that the user maintains business with. In some cases, valid contacts (and/or their phone numbers) in the user's contact list may have been abused (e.g., used to disguise or otherwise conceal true identities of callers that generated the spoofed calls), and as a result, have been classified as spoofed. Thus, the user may want to reclassify (e.g., remove from the list of spoofed phone numbers) such valid contacts (and/or their phone numbers) such that the user may continue to receive calls from such valid contacts. In some cases, individual phone numbers of the list may be displayed on the screen 335, along with corresponding prompts configured for the user to select to reclassify the individual phone numbers. Thereafter, the mobile device 305 may delete, from the list of spoofed phone numbers, such phone numbers that the user selected to reclassify.

FIG. 4 is a flowchart 400 illustrating a method of managing spoofed calls to mobile devices in accordance with embodiments of the present technology. The flowchart 400 may be an example of or include aspects of a method that a mobile device (e.g., the mobile device 110, the mobile device 305) may perform as described with reference to FIGS. 1 through 3.

The method includes receiving, at a mobile device, a call transmitted over a cellular network, the call including a set of cellular information (box 410). In accordance with one aspect of the present technology, the receiving feature of box 410 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305), in conjunction with the wireless communication component 310 in some cases, as described with reference to FIGS. 1 through 3.

The method further includes determining whether the call is spoofed or genuine based, at least in part, on the set of cellular information (box 415). In accordance with one aspect of the present technology, the determining feature of box 415 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305), in conjunction with the authenticating component 325 in some cases, as described with reference to FIGS. 1 through 3.

The method further includes providing, based on the determination, a user of the mobile device with one or more options to manage the call, the options comprising answering the call, dismissing the call, and sending information about the call to a third party via the cellular network (box 420). In accordance with one aspect of the present technology, the providing feature of box 420 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305), in conjunction with the screen 335 in some cases, as described with reference to FIGS. 1 through 3.

The method further includes performing the one or more options in response to receiving an input from the user (box 425). In accordance with one aspect of the present technology, the performing feature of box 425 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305) as described with reference to FIGS. 1 through 3.

In some embodiments, providing the user with the one or more options to manage the call includes displaying on a screen of the mobile device a phone number corresponding to the call, a first input region, and a second input region, where the first input region is configured to accept the input that corresponds to answering the call, and the second input region is configured to accept the input that corresponds to reporting the phone number and the set of cellular information to an authority, a service provider of the cellular network, or both. In some embodiments, performing the one or more options includes transmitting the phone number and the set of cellular information to the authority, the service provider, or both, when the user selects the second input region. In some embodiments, the method may further include adding the phone number to a list of spoofed phone numbers stored in the mobile device, after transmitting the phone number and the set of cellular information.

In some embodiments, the method may further include storing the set of cellular information to a memory of the mobile device configured to store multiple sets of cellular information associated with spoofed phone numbers, after transmitting the phone number and the set of cellular information. In some embodiments, the method may further include adding the phone number to a list of recent phone numbers received by the mobile device, when the user selects the first input region. In some embodiments, the method may further include displaying the list of recent phone numbers including the phone number on the screen after the user terminates the call, where at least the phone number is accompanied by a prompt configured for the user to select to report the phone number and the set of cellular information to the authority, the service provider, or both.

In some embodiments, the method may further include displaying the phone number on the screen after the user terminates the call, where the phone number is accompanied by a prompt for the user to indicate that the phone number was spoofed. In some embodiments, the method may further include storing the set of cellular information to a memory of the mobile device configured to store multiple sets of cellular information associated with the phone numbers determined to be spoofed. In some embodiments, the method may further include estimating a confidence metric while determining that the call is spoofed based on the set of cellular information, and displaying on the screen a third region including a notification to the user informing that the call is spoofed, when the confidence metric is greater than a threshold. In some embodiments, the method may further include estimating a confidence metric while determining that the call is spoofed based on the set of cellular information, and displaying on the screen a third region in addition to the first and second input regions, the third region including a notification to the user informing that the call may be genuine, when the confidence metric is less than a threshold.

In some embodiments, the set of cellular information may include a location determined by a global positioning system (GPS), which corresponds to a geographic location of a device that generated the call, and determining whether the call is spoofed or genuine includes determining that the location is within a distance from one or more locations associated with spoofed calls received prior to the call, the distance devised to identify the location corresponding to the one or more locations. In some embodiments, the set of cellular information includes a hardware device identifier corresponding to a device that generated the call and determining whether the call is spoofed or genuine includes determining that the hardware device identifier corresponds to one or more hardware device identifiers associated with spoofed calls received prior to the call. In some embodiments, the set of cellular information may include an internet protocol (IP) address associated with a device that generated the call, and determining whether the call is spoofed or genuine includes determining that the IP address includes a common segment with one or more IP addresses associated with spoofed calls received prior to the call, the common segment devised to identify the IP address corresponding to the one or more IP addresses.
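The three comparisons above (location within a distance, matching hardware device identifier, IP address sharing a common segment) and the threshold-based notification from the preceding paragraph can be sketched together as follows. This is an added illustration, not code from the disclosure: the field names, the 5 km and 75% cut-offs, the reading of "common segment" as shared leading digits of a zero-padded IPv4 address, and the confidence metric (matched signals divided by three) are all assumptions.

```python
import math
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class CallInfo:
    """Set of cellular information carried with a call (field names assumed)."""
    phone_number: str
    lat: float
    lon: float
    device_id: str
    ip: str

def distance_km(a: CallInfo, b: CallInfo) -> float:
    """Great-circle (haversine) distance between two source locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def shared_digit_fraction(ip_a: str, ip_b: str) -> float:
    """Fraction of leading digits shared by two IPv4 addresses (octets zero-padded)."""
    def digits(ip: str) -> str:
        return "".join(f"{octet:03d}" for octet in IPv4Address(ip).packed)
    da, db = digits(ip_a), digits(ip_b)
    shared = 0
    for x, y in zip(da, db):
        if x != y:
            break
        shared += 1
    return shared / len(da)

def spoof_confidence(call, history, max_km=5.0, min_ip_fraction=0.75):
    """Return (confidence, matched signals); confidence = signals matched / 3 (assumed)."""
    signals = set()
    for past in history:
        if distance_km(call, past) <= max_km:
            signals.add("location")
        if call.device_id == past.device_id:
            signals.add("device_id")
        try:
            if shared_digit_fraction(call.ip, past.ip) >= min_ip_fraction:
                signals.add("ip")
        except ValueError:  # malformed or non-IPv4 address contributes no IP signal
            pass
    return len(signals) / 3, signals

def notification(confidence: float, threshold: float = 0.5):
    """Third-region text: 'spoofed' above the threshold, 'may be genuine' below it."""
    if confidence > threshold:
        return "This call is spoofed"
    if confidence < threshold:
        return "This call may be genuine"
    return None  # the page does not say what to show at exactly the threshold

# Constructed sample data (documentation IP ranges, fictional numbers and IDs).
SPOOF_HISTORY = [CallInfo("+1-555-0100", 40.7128, -74.0060, "dev-A1", "203.0.113.9")]
NEARBY_CALL = CallInfo("+1-555-0111", 40.7130, -74.0050, "dev-ZZ", "203.0.113.57")
FAR_CALL = CallInfo("+1-555-0122", 34.0522, -118.2437, "dev-Q7", "198.51.100.20")

if __name__ == "__main__":
    for call in (NEARBY_CALL, FAR_CALL):
        conf, why = spoof_confidence(call, SPOOF_HISTORY)
        print(call.phone_number, round(conf, 2), sorted(why), notification(conf))
```

Because the caller's phone number never enters the comparison, a call that reuses a valid contact's number is still scored on its network-side attributes.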

FIG. 5 is a flowchart 500 illustrating a method of managing spoofed calls to mobile devices in accordance with embodiments of the present technology. The flowchart 500 may be an example of or include aspects of a method that a mobile device (e.g., the mobile device 110, the mobile device 305) may perform as described with reference to FIGS. 1 through 3.

The method includes providing an option to a user of a mobile device to manage a list of phone numbers associated with one or more calls classified as spoofed based on one or more sets of cellular information associated with the one or more calls (box 510). In accordance with one aspect of the present technology, the providing feature of box 510 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305), in conjunction with the screen 335 in some cases, as described with reference to FIGS. 1 through 3.

The method further includes displaying individual phone numbers of the list, along with corresponding prompts configured for the user to select to reclassify (box 515). In accordance with one aspect of the present technology, the displaying feature of box 515 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305), in conjunction with the screen 335 in some cases, as described with reference to FIGS. 1 through 3.

The method further includes deleting, from the list, one or more phone numbers that the user selects to reclassify (box 520). In accordance with one aspect of the present technology, the deleting feature of box 520 can be performed by a mobile device (e.g., the mobile device 110, the mobile device 305), in conjunction with the memory 330 in some cases, as described with reference to FIGS. 1 through 3.

In some embodiments, the one or more phone numbers that the user selects to reclassify may correspond to authentic phone numbers stored in the mobile device, which have been used to conceal identities of callers that generated the one or more calls classified as spoofed. In some embodiments, the one or more phone numbers that the user selects to reclassify may be associated with legitimate business entities of the user.

It should be noted that the methods described above describe possible implementations, and that the operations and the steps may be rearranged or otherwise modified and that other implementations are possible. Furthermore, embodiments from two or more of the methods may be combined.

The functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. Other examples and implementations are within the scope of the disclosure and appended claims. Features implementing functions may also be physically located at various positions, including being distributed such that portions of functions are implemented at different physical locations.

As used herein, including in the claims, “or” as used in a list of items (for example, a list of items prefaced by a phrase such as “at least one of” or “one or more of”) indicates an inclusive list such that, for example, a list of at least one of A, B, or C means A or B or C or AB or AC or BC or ABC (i.e., A and B and C). Also, as used herein, the phrase “based on” shall not be construed as a reference to a closed set of conditions. For example, an exemplary step that is described as “based on condition A” may be based on both a condition A and a condition B without departing from the scope of the present disclosure. In other words, as used herein, the phrase “based on” shall be construed in the same manner as the phrase “based at least in part on.”

From the foregoing, it will be appreciated that specific embodiments of the invention have been described herein for purposes of illustration, but that various modifications may be made without deviating from the scope of the invention. Rather, in the foregoing description, numerous specific details are discussed to provide a thorough and enabling description for embodiments of the present technology. One skilled in the relevant art, however, will recognize that the disclosure can be practiced without one or more of the specific details. In other instances, well-known structures or operations often associated with memory systems and devices are not shown, or are not described in detail, to avoid obscuring other aspects of the technology. In general, it should be understood that various other devices, systems, and methods in addition to those specific embodiments disclosed herein may be within the scope of the present technology.

What is claimed is:
 1. A method, comprising: receiving, at a mobile device, a call transmitted over a cellular network, the call including a set of cellular information having an internet protocol (IP) address associated with the device; determining whether the call is spoofed or genuine based, at least in part, on the set of cellular information, wherein determining whether the call is spoofed or genuine includes determining that the IP address includes a common segment with one or more IP addresses associated with the spoofed calls, wherein the common segment includes a percentage of digits of the IP address for determining that the IP address corresponds to the one or more IP addresses, and wherein the percentage is determined based on past history of the cellular network generating the spoofed calls; providing, based on the determination, a user of the mobile device with one or more options to manage the call; and performing the one or more options in response to receiving an input from the user.
 2. The method of claim 1, wherein providing the user with the one or more options to manage the call comprises: displaying on a screen of the mobile device a phone number corresponding to the call, a first input region, and a second input region, wherein: the first input region is configured to accept the input that corresponds to answering the call, and the second input region is configured to accept the input that corresponds to reporting the phone number and the set of cellular information to an authority, a service provider of the cellular network, or both.
 3. The method of claim 2, wherein performing the one or more options comprises: transmitting the phone number and the set of cellular information to the authority, the service provider, or both, when the user selects the second input region.
 4. The method of claim 3, further comprising: adding the phone number to a list of spoofed phone numbers stored in the mobile device, after transmitting the phone number and the set of cellular information.
 5. The method of claim 3, further comprising: storing the set of cellular information to a memory of the mobile device configured to store multiple sets of cellular information associated with spoofed phone numbers, after transmitting the phone number and the set of cellular information.
 6. The method of claim 2, further comprising: adding the phone number to a list of recent phone numbers received by the mobile device, when the user selects the first input region.
 7. The method of claim 6, further comprising: displaying the list of recent phone numbers including the phone number on the screen after the user terminates the call, wherein at least the phone number is accompanied by a prompt configured for the user to select to report the phone number and the set of cellular information to the authority, the service provider, or both.
 8. The method of claim 6, further comprising: displaying the phone number on the screen after the user terminates the call, wherein the phone number is accompanied by a prompt for the user to indicate that the phone number was spoofed.
 9. The method of claim 8, further comprising: storing the set of cellular information to a memory of the mobile device configured to store multiple sets of cellular information associated with the phone numbers determined to be spoofed.
 10. The method of claim 2, further comprising: estimating a confidence metric while determining that the call is spoofed based on the set of cellular information; and displaying on the screen a third region including a notification to the user informing that the call is spoofed, when the confidence metric is greater than a threshold.
 11. The method of claim 2, further comprising: estimating a confidence metric while determining that the call is spoofed based on the set of cellular information; and displaying on the screen a third region in addition to the first and second input regions, the third region including a notification to the user informing that the call may be genuine, when the confidence metric is less than a threshold.
 12. The method of claim 1, wherein the set of cellular information includes a hardware device identifier corresponding to a device that generated the call, and wherein determining whether the call is spoofed or genuine includes determining that the hardware device identifier corresponds to one or more hardware device identifiers associated with spoofed calls received prior to the call.
 13. A mobile device, comprising: a receiving component configured to receive a call transmitted over a cellular network, the call including a set of cellular information having an internet protocol (IP) address associated with the device; an authenticating component configured to determine whether the call is spoofed or genuine based, at least in part, on the set of cellular information, wherein determining whether the call is spoofed or genuine includes determining that the IP address includes a common segment with one or more IP addresses associated with the spoofed calls, wherein the common segment includes a percentage of digits of the IP address for determining that the IP address corresponds to the one or more IP addresses, and wherein the percentage is determined based on past history of the cellular network generating the spoofed calls; and a transmitting component configured to transmit, in response to the authenticating component determining the call is spoofed, a phone number corresponding to the call and the set of cellular information to an authority, a service provider of the cellular network, or both.
 14. The mobile device of claim 13, wherein the authenticating component is further configured to estimate a confidence metric while determining that the call is spoofed based on the set of cellular information.
 15. The mobile device of claim 13, further comprising: a neural network component configured to improve a confidence interval based on inputs from the user accumulated over time, wherein the confidence interval is estimated while determining that the call is spoofed based on the set of cellular information.